independent and unofficial
Prince fan community
Welcome! Sign up or enter username and password to remember me
Forum jump
Forums > General Discussion > Hackers are draining bank accounts via the Starbucks app
« Previous topic  Next topic »
  New topic   Printable     (Log in to 'subscribe' to this topic)
Author

Tweet     Share

Message
Thread started 05/14/15 11:17am

XxAxX

avatar

Hackers are draining bank accounts via the Starbucks app

just in case no one has posted this topic:. this scares me when i think of how secure our money really is in this day and age

.

.

.

Hackers are draining bank accounts via the Starbucks app\

Starbucks wants to be your new wallet

Thieves are stealing money from people's credit cards, bank and PayPal accounts -- by first tapping into their Starbucks mobile app.

Starbucks (SBUX) on Wednesday acknowledged that criminals have been breaking into individual customer rewards accounts.

.

The Starbucks app lets you pay at checkout with your phone. It can also reload Starbucks gift cards by automatically drawing funds from your bank account, credit card or PayPal.

.

That's how criminals are siphoning money away from victims. They break into a victim's Starbucks account online, add a new gift card, transfer funds over -- and repeat the process every time the original card reloads.

.

These thefts were first reported by consumer journalist Bob Sullivan.

CNNMoney interviewed several Starbucks customers who in recent months have had this happen to them.

.

It happened to Jean Obando on the Saturday evening of December 7. He had just stopped by a Starbucks in Sugar Land, Texas and paid with his phone app. Then while driving on the highway, his phone chimed with a barrage of alerts. PayPal repeatedly notified him that his Starbucks card was being automatically reloaded with $50.

.

Then came the email from Starbucks.

"Your eGift Just Made Someone's Day," the email said. "It's a great way to treat someone — whether it's to say Happy Birthday, Thank you or just 'this one's on me.'"

He got 10 more just like it -- in just five minutes.

.

Starbucks didn't stop a single transaction or pause to ask Obando for secondary approval. All of them went through. When Obando told Starbucks he thought his account was hijacked, Starbucks promised to conduct a review. When Obando asked to stop the payments and refund his money, Starbucks told him to dispute the charges with PayPal.

.

It took Obando two weeks to get back his $550. He said the incident made him realize Starbucks doesn't seek enough approval from customers before directly accessing their bank accounts.

Obando, who works in a Houston high school's technology department, said he disabled the app.

"Now, I just pay with my credit card or cash," he said. "I can't trust Starbucks with my payment information anymore."

.

Starbucks records obtained by CNNMoney show that all of those payments went to a card registered to the email address tranlejame3@yahoo.com. No one from that address has responded to questions.

.

The same thing happened to Kristi Overton on Monday morning. She was working from her desk at an auto body shop in Florence, Alabama when her phone dinged five times. Someone broke into her Starbucks account, turned on the auto-reload feature, then emptied her existing gift card repeatedly.

.

The thief stole $115 in a few seconds -- and luckily didn't trigger a bank overdraft fee. Starbucks and PayPal have promised her the charges will be reversed.

.

"I think it's too easy to dip into someone's bank account," she said. "The Starbucks app's security measures need to be updated."

Overton has since removed the Starbucks app from her phone as well.

.

Starbucks told CNNMoney the company has not been hacked, and it didn't lose customer data. The company said these account takeovers are likely due to weak customer passwords. Starbucks suggested that customers use unique, strong passwords.

.

(CNNMoney's password advice? Use a long phrase with upper/lower case letters, numbers and symbols, like: TryTh1sEx@mple)

.

That might be what happened to Overton. She admitted she reused the same password on her email and Starbucks account. Another Starbucks customer -- Nicole McCool in Austin, Texas -- was also forced to reset her passwords after someone stole $100 from the Starbucks account linked to her bank account in October, leaving her without a debit card and unable to pay bills for 10 days.

.

But Starbucks can do more on its end. Most respectable online services (like Gmail, Twitter and LinkedIn) let users enable two-step authentication, which sends a text message to your phone whenever you sign in from a new device. This added layer of security would have protected Starbucks customers, said Gavin Reid, an executive with cybersecurity firm Lancope.

.

Starbucks wouldn't say if it's adding new security measures to its system. But it promises customers will be reimbursed for any fraudulent charges.

.

This is the second time Starbucks payment system runs into security issues. Last year someone discovered the Starbucks app left pa...vulnerable, because it was storing them in plain text.

Because this is an issue with account access, the only way for customers to protect themselves is to create a strong password -- and erase any payment methods attached to their Starbucks account. Disabling the auto-reload of money isn't enough. A criminal can just turn that back on.

.

.

.

.

  - E-mail - orgNote - Report post to moderator
Reply #1 posted 05/14/15 2:43pm

dJJ

Well, Starbucks coffee isn't any good anyways, so it will not harm you to skip that store, right?



I get what you are afraid of. But, the plastic money system works surprisingly well.

99% of my posts are ironic. Maybe this post sides with the other 1%.
  - E-mail - orgNote - Report post to moderator
Reply #2 posted 05/14/15 3:58pm

purplethunder3
121

avatar

I don't do apps. hmph! Starbucks does have one coffee I like--the Blonde Roast. Very smooth.

"Music gives a soul to the universe, wings to the mind, flight to the imagination and life to everything." --Plato

https://youtu.be/CVwv9LZMah0
  - E-mail - orgNote - Report post to moderator
Reply #3 posted 05/15/15 2:15am

wildgoldenhone
y

Oh I'd better check my app. I had 3 free drinks and $15 credit but never re-loaded or attached an account. I hope it's ok.

  - E-mail - orgNote - Report post to moderator
Reply #4 posted 05/15/15 6:35am

Graycap23

avatar

Seriously.................who couldn't see something like this coming from a mile away?

No way in hell I'm tying any of my accounts 2 an app.

FOOLS multiply when WISE Men & Women are silent.
  - E-mail - orgNote - Report post to moderator
Reply #5 posted 05/15/15 9:36am

namepeace

^I can co-sign from experience.


I got hit 6 months ago, because I reloaded my card using my app. That's how they get the info they need. Then they gin up "reloads" to your card using the same info that really don't go to the card but are withdrawals.

The app itself works fine, but reload at the counter.

Good night, sweet Prince | 7 June 1958 - 21 April 2016

Props will be withheld until the showing and proving has commenced. -- Aaron McGruder
  - E-mail - orgNote - Report post to moderator
  New topic   Printable     (Log in to 'subscribe' to this topic)
« Previous topic  Next topic »
Forums > General Discussion > Hackers are draining bank accounts via the Starbucks app